feat: add SSL configuration options for WebUI and update related logging

[Soulter]

Modifications / 改动点

• This is NOT a breaking change. / 这不是一个破坏性变更。

Screenshots or Test Results / 运行截图或测试结果

---

Checklist / 检查清单

• 😊 如果 PR 中有新加入的功能，已经通过 Issue / 邮件等方式和作者讨论过。/ If there are new features added in the PR, I have discussed it with the authors through issues/emails, etc.
• 👀 我的更改经过了良好的测试，并已在上方提供了“验证步骤”和“运行截图”。/ My changes have been well-tested, and "Verification Steps" and "Screenshots" have been provided above.
• 🤓 我确保没有引入新依赖库，或者引入了新依赖库的同时将其添加到了 requirements.txt 和 pyproject.toml 文件相应位置。/ I have ensured that no new dependencies are introduced, OR if new dependencies are introduced, they have been added to the appropriate locations in requirements.txt and pyproject.toml.
• 😮 我的更改没有引入恶意代码。/ My changes do not introduce malicious code.

Summary by Sourcery

为 WebUI 仪表盘添加可配置的 SSL 支持，并使相关的 URL 和日志与 HTTP/HTTPS 的使用保持一致。

新特性：

• 引入仪表盘 SSL 配置，可通过配置文件或环境变量启用 HTTPS，并指定证书、密钥和 CA 文件。

改进：

• 更新 WebUI 启动和 webhook 日志，根据 SSL 配置显示 HTTP 或 HTTPS 的 URL。
• 优化仪表盘配置的访问方式，通过重用本地的 dashboard_config 映射来获取配置。

Original summary in English

Summary by Sourcery

Add configurable SSL support for the WebUI dashboard and align related URLs and logging with HTTP/HTTPS usage.

New Features:

• Introduce dashboard SSL configuration with options to enable HTTPS and specify certificate, key, and CA files via config or environment variables.

Enhancements:

• Update WebUI startup and webhook logs to display HTTP or HTTPS URLs based on SSL configuration.
• Refine dashboard configuration access by reusing a local dashboard_config mapping.

[dosubot]

Related Documentation

Checked 1 published document(s) in 1 knowledge base(s). No updates required.

^{How did I do? Any feedback?}  

[sourcery-ai]

Hey - 我发现了 1 个问题，并且给出了一些整体性的反馈：

• 目前解析 SSL 启用环境变量有两套实现（server.py 中的 _parse_env_bool，以及 _is_dashboard_ssl_enabled 中的内联逻辑）；建议将这两者集中到一个共享的辅助函数中，以避免行为出现差异。
• dashboard SSL 是否启用是从配置中推导出来的，但 server.run（在有字典类型检查的情况下使用 bool(ssl_config.get("enable", False))）和 _is_dashboard_ssl_enabled（直接嵌套 get 并使用宽泛的 except）之间的逻辑略有不同；如果能统一这些代码路径，将会使行为更加可预测，并在配置格式不正确时减少意料之外的差异。

给 AI Agent 的提示

Please address the comments from this code review:

## Overall Comments
- There are two separate implementations for parsing the SSL enable env vars (`_parse_env_bool` in `server.py` and inline logic in `_is_dashboard_ssl_enabled`); consider centralizing this into a single shared helper to avoid divergence in behavior.
- The way dashboard SSL enablement is derived from config differs slightly between `server.run` (uses `bool(ssl_config.get("enable", False))` with a dict-type guard) and `_is_dashboard_ssl_enabled` (direct nested `get` with a broad `except`); aligning these code paths would make behavior more predictable and reduce surprising differences if the config is malformed.

## Individual Comments

### Comment 1
<location> `astrbot/core/utils/webhook_utils.py:24-32` </location>
<code_context>
         return 6185


+def _is_dashboard_ssl_enabled() -> bool:
+    env_ssl = os.environ.get("DASHBOARD_SSL_ENABLE") or os.environ.get(
+        "ASTRBOT_DASHBOARD_SSL_ENABLE"
+    )
+    if env_ssl is not None:
+        return env_ssl.strip().lower() in {"1", "true", "yes", "on"}
+
+    try:
+        return bool(astrbot_config.get("dashboard", {}).get("ssl", {}).get("enable"))
+    except Exception as e:
+        logger.error(f"获取 dashboard SSL 配置失败: {e!s}")
</code_context>

<issue_to_address>
**issue (bug_risk):** Using `bool(config_value)` here may treat non-boolean config values (e.g. non-empty strings) as enabled.

Config marks `dashboard.ssl.enable` as a bool, but this code still does a generic `bool(...)` cast. If the value ever becomes a non-empty string like "false" or "0", it will still evaluate to `True`. To align with `server.run` and make this robust, consider reusing the same `_parse_env_bool`-style logic (normalize strings and check explicit truthy values) for the config value instead of relying on general truthiness.
</issue_to_address>

---

Sourcery 对开源项目是免费的——如果你觉得我们的代码审查有帮助，请考虑分享 ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{帮我变得更有用！请在每条评论上点 👍 或 👎，我会根据你的反馈改进后续的代码审查。}

Original comment in English

Hey - I've found 1 issue, and left some high level feedback:

• There are two separate implementations for parsing the SSL enable env vars (_parse_env_bool in server.py and inline logic in _is_dashboard_ssl_enabled); consider centralizing this into a single shared helper to avoid divergence in behavior.
• The way dashboard SSL enablement is derived from config differs slightly between server.run (uses bool(ssl_config.get("enable", False)) with a dict-type guard) and _is_dashboard_ssl_enabled (direct nested get with a broad except); aligning these code paths would make behavior more predictable and reduce surprising differences if the config is malformed.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- There are two separate implementations for parsing the SSL enable env vars (`_parse_env_bool` in `server.py` and inline logic in `_is_dashboard_ssl_enabled`); consider centralizing this into a single shared helper to avoid divergence in behavior.
- The way dashboard SSL enablement is derived from config differs slightly between `server.run` (uses `bool(ssl_config.get("enable", False))` with a dict-type guard) and `_is_dashboard_ssl_enabled` (direct nested `get` with a broad `except`); aligning these code paths would make behavior more predictable and reduce surprising differences if the config is malformed.

## Individual Comments

### Comment 1
<location> `astrbot/core/utils/webhook_utils.py:24-32` </location>
<code_context>
         return 6185


+def _is_dashboard_ssl_enabled() -> bool:
+    env_ssl = os.environ.get("DASHBOARD_SSL_ENABLE") or os.environ.get(
+        "ASTRBOT_DASHBOARD_SSL_ENABLE"
+    )
+    if env_ssl is not None:
+        return env_ssl.strip().lower() in {"1", "true", "yes", "on"}
+
+    try:
+        return bool(astrbot_config.get("dashboard", {}).get("ssl", {}).get("enable"))
+    except Exception as e:
+        logger.error(f"获取 dashboard SSL 配置失败: {e!s}")
</code_context>

<issue_to_address>
**issue (bug_risk):** Using `bool(config_value)` here may treat non-boolean config values (e.g. non-empty strings) as enabled.

Config marks `dashboard.ssl.enable` as a bool, but this code still does a generic `bool(...)` cast. If the value ever becomes a non-empty string like "false" or "0", it will still evaluate to `True`. To align with `server.run` and make this robust, consider reusing the same `_parse_env_bool`-style logic (normalize strings and check explicit truthy values) for the config value instead of relying on general truthiness.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

issue (bug_risk): 这里使用 bool(config_value) 可能会把非布尔类型的配置值（例如非空字符串）当作启用状态。

配置中将 dashboard.ssl.enable 标注为布尔值，但这里的代码仍然只是做了一个通用的 bool(...) 转换。如果该值变成诸如 "false" 或 "0" 之类的非空字符串，它仍然会被评估为 True。为了与 server.run 保持一致并增强健壮性，建议对配置值也复用 _parse_env_bool 式的逻辑（先规范化字符串并只检查显式的真值），而不是依赖通用的真值判断。

Original comment in English

issue (bug_risk): Using bool(config_value) here may treat non-boolean config values (e.g. non-empty strings) as enabled.

Config marks dashboard.ssl.enable as a bool, but this code still does a generic bool(...) cast. If the value ever becomes a non-empty string like "false" or "0", it will still evaluate to True. To align with server.run and make this robust, consider reusing the same _parse_env_bool-style logic (normalize strings and check explicit truthy values) for the config value instead of relying on general truthiness.